
[Qemu-devel] map host MMIO address to guest


From: Huaicheng Li
Subject: [Qemu-devel] map host MMIO address to guest
Date: Mon, 25 Jun 2018 11:08:46 -0700

Hi all,

I'm trying to map a host MMIO region (host PCIe device BAR) into guest
physical address space. The goal is to enable direct control over that host
MMIO region from guest OS by accessing a certain GPA.

I know the address of the host MMIO region (one page). First I map the page
into QEMU process address space and get a QEMU buffer. Then I use
"memory_region_init_ram_ptr();
memory_region_add_subregion_overlap(system_memory, 512MB, my_mr, 1)" to map
the QEMU buffer as part of guest physical address space (starting from
512MB to 512MB+4K).

When I read/write to the QEMU buffer, I can observe that the correct MMIO region
access is triggered. However, when I try to access the mapped MMIO region
from the guest OS (using a guest kernel module to access gpa:512MB directly),
the following host kernel panic is triggered.

I don't understand why this happens. When I use the same method and map a
host memory page (instead of a host MMIO page) into the guest, it works fine. I'd
appreciate it if anyone could help analyze this. Thanks in advance.

Best,
Huaicheng

[  323.844213] BUG: unable to handle kernel paging request at ffffea0003faf460
[  323.845671] IP: gup_pgd_range+0x2f5/0x860
[  323.846615] PGD 23f7ed067 P4D 23f7ed067 PUD 23f7ec067 PMD 0
[  323.847848] Oops: 0000 [#1] SMP
[  323.848692] Modules linked in: wpt(O) kvm_intel kvm irqbypass
[  323.850085] CPU: 2 PID: 4994 Comm: qemu-system-x86 Tainted: G O     4.15.0-rc4+ #10
[  323.853002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
[  323.855029] RIP: 0010:gup_pgd_range+0x2f5/0x860
[  323.855792] RSP: 0018:ffffc90004fdbae0 EFLAGS: 00010002
[  323.856648] RAX: 0000000003faf440 RBX: 0000555b8c6db000 RCX: 00003ffffffff000
[  323.857618] RDX: ffffea0003faf440 RSI: ffff88022d4c36d0 RDI: 80000000febd1067
[  323.858598] RBP: ffffc90004fdbb7c R08: 0400000000000000 R09: ffffea0000000000
[  323.859428] R10: 00003ffffffff000 R11: 80000000febd1067 R12: 000000022d4c3067
[  323.860216] R13: ffffc90004fdbba8 R14: 0000555b8c6da000 R15: 0000000000000007
[  323.860979] FS:  00007f4a3a527700(0000) GS:ffff88023fc80000(0000) knlGS:0000000000000000
[  323.861899] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  323.862534] CR2: ffffea0003faf460 CR3: 0000000232723001 CR4: 00000000000626e0
[  323.863312] Call Trace:
[  323.863667]  __get_user_pages_fast+0x6b/0x90
[  323.864234]  __gfn_to_pfn_memslot+0xf5/0x3b0 [kvm]
[  323.864858]  ? kvm_irq_delivery_to_apic+0x51/0x2a0 [kvm]
[  323.865502]  try_async_pf+0x53/0x1f0 [kvm]
[  323.866039]  tdp_page_fault+0x112/0x280 [kvm]
[  323.866609]  kvm_mmu_page_fault+0x53/0x130 [kvm]
[  323.867201]  vmx_handle_exit+0x9b/0x1510 [kvm_intel]
[  323.867823]  ? atomic_switch_perf_msrs+0x5f/0x80 [kvm_intel]
[  323.868504]  ? vmx_vcpu_run+0x30a/0x4b0 [kvm_intel]
[  323.869101]  kvm_arch_vcpu_ioctl_run+0xa79/0x1570 [kvm]
[  323.869748]  ? kvm_vcpu_ioctl+0x2eb/0x570 [kvm]
[  323.870332]  kvm_vcpu_ioctl+0x2eb/0x570 [kvm]
[  323.870897]  ? kvm_vm_ioctl+0x142/0x7e0 [kvm]
[  323.871457]  do_vfs_ioctl+0x8f/0x5b0
[  323.871955]  ? native_write_msr+0x6/0x20
[  323.872476]  ? security_file_ioctl+0x3e/0x60
[  323.873024]  SyS_ioctl+0x74/0x80
[  323.873468]  entry_SYSCALL_64_fastpath+0x1a/0x7d
[  323.874043] RIP: 0033:0x7f4a3c897f47
[  323.874506] RSP: 002b:00007f4a3a526a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  323.875439] RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007f4a3c897f47
[  323.876234] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000f
[  323.877093] RBP: 0000555b8c5ef450 R08: 0000555b89bc1a70 R09: 00000000ffffffff
[  323.877931] R10: 00000000fee00000 R11: 0000000000000246 R12: 0000000000000000
[  323.878760] R13: 00007f4a3e2db000 R14: 0000000000000006 R15: 0000555b8c5ef450
[  323.879555] Code: 00 00 d3 e2 85 c2 75 ae 4c 85 c7 0f 85 d0 00 00 00 f7 c7 00 02 00 00 75 9d 48 89 f8 66 66 66 90 4c 21 d0 48 c1 e8 06 4a 8d 14 08 <48> 8b 42 20 4c 8d 58 ff a8 01 4c 0f 44 da 41 8b 43 1c 85 c0 0f
[  323.881713] RIP: gup_pgd_range+0x2f5/0x860 RSP: ffffc90004fdbae0
[  323.882509] CR2: ffffea0003faf460
[  323.883069] ---[ end trace 2427ffda7b3b2a32 ]---
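Added example, not code from the thread or from QEMU: a small sanity check in C that tells a device author what kind of host mapping backs a QEMU-side buffer before it is registered as guest RAM with memory_region_init_ram_ptr(). A BAR page mmap'd from its sysfs resourceN file (or from /dev/mem) is device MMIO with no struct page behind it, which is why QEMU's own vfio code registers such mmaps with memory_region_init_ram_device_ptr() instead. The function names, the backing classification and the sample /proc/self/maps lines are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What kind of host mapping backs a QEMU-side buffer. */
enum backing { BACKING_UNKNOWN = 0, BACKING_RAM, BACKING_MMIO };

/* Classify one /proc/self/maps line ("start-end perms offset dev inode [path]")
 * if it covers `addr`. A mapping of /dev/mem or of a PCI "resourceN" sysfs
 * file is device MMIO, which has no struct page behind it, not ordinary RAM. */
enum backing classify_maps_line(const char *line, uintptr_t addr)
{
    unsigned long start, end;
    char perms[8], path[256] = "";

    if (sscanf(line, "%lx-%lx %7s %*x %*s %*u %255s",
               &start, &end, perms, path) < 3)
        return BACKING_UNKNOWN;               /* unparsable line */
    if (addr < start || addr >= end)
        return BACKING_UNKNOWN;               /* not this VMA */
    if (strcmp(path, "/dev/mem") == 0)
        return BACKING_MMIO;
    if (strncmp(path, "/sys/", 5) == 0 && strstr(path, "/resource"))
        return BACKING_MMIO;
    return BACKING_RAM;                       /* anonymous or file-backed RAM */
}

/* Classify `addr` against a whole maps listing (one VMA per line), e.g. the
 * contents of /proc/self/maps read before calling memory_region_init_ram_ptr(). */
enum backing classify_buffer(const char *maps, uintptr_t addr)
{
    char line[512];
    while (*maps) {
        size_t n = strcspn(maps, "\n");
        if (n >= sizeof line) n = sizeof line - 1;
        memcpy(line, maps, n); line[n] = '\0';
        enum backing b = classify_maps_line(line, addr);
        if (b != BACKING_UNKNOWN) return b;
        maps += n;
        if (*maps == '\n') maps++;
    }
    return BACKING_UNKNOWN;
}

/* Constructed sample listing: an anonymous RAM page, then an mmap'd BAR page. */
const char SAMPLE_MAPS[] =
    "7f4a3e2db000-7f4a3e2dc000 rw-p 00000000 00:00 0 \n"
    "7f4a3e2dc000-7f4a3e2dd000 rw-s 00000000 00:06 4242 "
    "/sys/bus/pci/devices/0000:01:00.0/resource0\n";
```

In a live QEMU process, feed each line of /proc/self/maps (via fgets) to classify_maps_line() with the buffer's address; a BACKING_MMIO result means the pointer should not be handed to memory_region_init_ram_ptr() as if it were RAM.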

